Remote Application Security Engineer

Logo of dLocal

dLocal

πŸ“Remote - Brazil, Uruguay

Job highlights

Summary

The job is for a Security Engineer at dLocal, a global team that simplifies payment expansion in emerging markets. The role involves implementing a software assurance model, performing security design reviews, code reviews, and triaging security vulnerabilities. The position offers flexible work culture with travel, health, learning benefits, among others.

Requirements

  • Strong proficiency in at least one programming language like Java and/or NodeJS and also knowledge in any scripting languages
  • Hands-on experience working with developers in building a software assurance model
  • Demonstrate the ability to manually fix/mitigate security flaws on web applications and APIs code-level
  • Experience designing secure web services, APIs and microservice architectures
  • Familiarity with threat modeling frameworks in cloud-base environments (OWASP, STRIDE, MITRE, etc)
  • Experience with application/development security tools including but not limited to: Burp Suite, Qualys/WAS (or similar), Checkmarx (or similars), Bitbucket (or similars), Jenkins, Docker, etc)
  • Familiarity with implementation and maintenance of SAST/DAST/IAST/SCA security sensors in a development pipeline
  • In-depth knowledge of OWASP10, SANS25 and other world-known application security frameworks
  • Understanding of a complete SDLC and how to make it secured (S-SDLC)
  • Familiarity with Cloud platforms (AWS or equivalent)
  • Ability to lead people to problem resolution when it comes to Security (Integrate teams, specially Engineering Team)
  • Effective written and oral communication involving both business and technical sides of the business
  • Quickly identify issues and solve them
  • Ability to present technical risks to broader audience (both written and spoken)

Responsibilities

  • Implement a software assurance model
  • Perform security design reviews for new features and product releases
  • Perform code reviews and advise developers on remediation techniques
  • Design controls to detect and respond to common attacks on our platform
  • Triage and respond to external inquiries around security vulnerabilities
  • Facilitate internal training on various security topics to raise awareness and interest

Preferred Qualifications

  • Certified in any related security development certifications like CSSLP, CASE or others
  • Exposure to PCI-DSS framework or any other relevant security standard will be valued
  • Extensive knowledge of security architectures, both monoliths and microservices, including how they are developed and operate at scale
  • Have had developed a personal or enterprise software/script with focus on security (exploitation of vulnerabilities, hardening automation, API integration for security)

Benefits

  • Flexible work culture
  • Travel
  • Health benefits
  • Learning benefits

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.
Please let dLocal know you found this job on JobsCollider. Thanks! πŸ™